DETAILED ACTION

1. The Examiner acknowledges the applicant's submission of the
amendment dated February 8, 2006. Per the amendment, Claims 1-4, 6-7, and 
9-15 have been amended and Claims 16-20 have been added. 

2. The instant application having Application No. 10/814,475 has a total of 20 
claims pending, with 5 independent claims and 15 dependent claims. 

I. RESPONSES TO AMENDMENT(S) / ARGUMENT(S) 

3. In response to the amendment, the objections to the abstract and Claims 
7 and 12-14 as stated in the previous action are withdrawn. 

4. In response to the amendment, the 35 U.S.C. 101 rejection of Claim 15 as 
stated in the previous action is withdrawn. 

5. Regarding the inclusion of a certified copy of the priority document, the 
Examiner notes that the Applicant is correct and that it was included in the 
original application. 

6. Applicant's arguments with respect to the 35 U.S.C. 102 rejections of 
Claims 1-4, 6, 9-11 and 15 have been fully considered and are persuasive, but 
are moot in view of the new ground(s) of rejection, as described below. However, 
the Examiner notes that the previous rejections fulfill some but not all of the 
limitations added in the amendment. 

Regarding the limitations "wherein said connection information definition 
block includes a logical volume connection information specification division in 
which a connected state value concerning the connection of said computer is
specified in relation to each logical volume included in said disk device or each
logical area in each logical volume included in said disk device," disclosed in
Claims 1, 2, 9 and 11, the Examiner directs the applicant to port mapping table
entries 191 at column 10, line 42 of Hubis. 

Regarding the limitations "said connected state value ranging between a 
minimum value and a maximum value, said maximum value signifying that said 
computer is fully connected, said minimum value signifying that said computer is 
fully disconnected, an intermediate value between said maximum value and said 
minimum value signifying a conditionally connected state for said computer,"
disclosed in Claims 1, 2, 9, 11 and 15, the Examiner notes that Hubis does not
disclose any element that fulfills this limitation. 

7. Applicant's four separate arguments with respect to the 35 U.S.C. 
103 rejections of Claims 5, 7-8 and 12-14 have been fully considered and are 
persuasive, but are moot in view of the new ground(s) of rejection, as described 
below. However, the Examiner notes that the previous rejections fulfill some but 
not all of the limitations added in the amendment, and directs the applicant to see 
the response to the 35 U.S.C. 102 rejections above for more information. 

II. REJECTIONS BASED ON PRIOR ART 

Claim Rejections - 35 USC § 103 - Hubis and McIlroy

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to
be patented and the prior art are such that the subject matter as a whole would have been
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

9. Claims 1-4, 6, 9-11 and 15 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Hubis et al (US Patent Number 6,343,324) in view of McIlroy
et al. ("Multilevel Security in the UNIX Tradition"). 

10. As per Claim 1, Hubis discloses an input/output management system for
managing input or output from or to a disk device (Hubis, disk drive storage
array, column 3 lines 62-65) connected to a computer (host 1, Figure 2A),
comprising: 

a connection information definition block (NURAM 182, Figure 2A) 
in which the relationship of logical connection (port mapping table entry 
190, Figure 2B-3) between said computer and a logical volume (logical 
volume, column 10 line 33) included in said disk device or a logical area 
(logical volume, column 10 line 33) in a logical volume (physical disc drive, 
column 10 line 32) is defined; and 

an input/output execution control block (processor 180, Figure 2A) 
that controls, based on the definition, whether said computer can access a 
logical volume included in said disk device or a logical area in a logical 
volume (column 4 lines 6-8). 

Hubis does not disclose wherein said connection information definition 
block includes a logical volume connection information specification division in 
which a connected state value concerning the connection of said computer is 
specified in relation to each logical volume included in said disk device or each
logical area in each logical volume included in said disk device, said connected
state value ranging between a minimum value and a maximum value, said 
maximum value signifying that said computer is fully connected, said minimum 
value signifying that said computer is fully disconnected, an intermediate value 
between said maximum value and said minimum value signifying a conditionally 
connected state for said computer. 

McIlroy discloses a connected state value (ceiling, section 2, paragraph 1
line 3) concerning the connection of said computer (process, section 2,
paragraph 1 line 3) is specified in relation to each logical volume (file system, 
section 2, paragraph 1 line 3), said connected state value ranging between a 
minimum value and a maximum value (section 2, paragraph 2 line 1), said 
maximum value (symbol "yes", section 2, paragraph 2 line 2) signifying that said 
computer is fully connected, said minimum value (symbol "no", section 2, 
paragraph 2 lines 3-4) signifying that said computer is fully disconnected, an 
intermediate value (element of a mathematical lattice, section 2, paragraph 2 line 
1) between said maximum value and said minimum value signifying a 
conditionally connected state (when a process label has a higher privilege than a 
storage label the communication may proceed, otherwise it will not, section 1, 
paragraph 2 lines 2-3) for said computer. 

Hubis and McIlroy are analogous art in that they both deal with the Unix
operating system (see Hubis, column 1 lines 41-43, and McIlroy, section 1,
paragraph 1 line 1) and validating authorization to access files (see Hubis,
column 3 lines 52-59, and McIlroy, section 1, paragraph 2 lines 1-2). At the time



Application/Control Number: 10/814,475 Page 6 

Art Unit: 2185 

of the invention it would have been obvious to one having ordinary skill in the art 
to implement McIlroy's secure system by adding labels to Hubis' port mapping
table.

The motivation for doing so would have been that McIlroy's system
provides sound, practical security (abstract, lines 3-5) and uses security labels to
classify information for purposes of privacy and integrity (abstract, lines 5-7).

Therefore, it would have been obvious at the time of the invention to
implement McIlroy's security labels on Hubis' volume management system for
the benefit of practical security and for purposes of privacy and integrity, to obtain
the invention of Claim 1.

11. As per Claim 2, Hubis discloses an input/output management system for
managing input or output from or to a disk device (disk drive storage array, 
column 3 lines 62-65) connected to a plurality of computers (plurality of 
computers, column 4 line 3 and host 1 through M, Figure 2A), comprising: 

a connection information definition block (NURAM 182, Figure 2A) 
in which the relationship of logical connection (port mapping table 190, 
Figure 2A) between each of said computers and a logical volume (storage 
volume 108, column 4 line 48 and logical volume 1, Figure 2A) included in 
said disk device or a logical area (logical volume, column 10 line 33) in a 
logical volume (physical disc drive, column 10 line 32) is defined using 
computer identification information (unique identifier, column 4 line 5); and

an input/output execution control block (processor 180, Figure 2A)
that controls, based on the definition, whether each of said computers can
access a logical volume included in said disk device or a logical area in a
logical volume (column 4 lines 6-8). 

Hubis does not disclose wherein said connection information definition 
block includes a logical volume connection information specification division in 
which a connected state value concerning the connection of said computer is 
specified in relation to each logical volume included in said disk device or each 
logical area in each logical volume included in said disk device, said connected 
state value ranging between a minimum value and a maximum value, said 
maximum value signifying that said computer is fully connected, said minimum 
value signifying that said computer is fully disconnected, an intermediate value 
between said maximum value and said minimum value signifying a conditionally 
connected state for said computer. 

McIlroy discloses a connected state value (ceiling, section 2, paragraph 1
line 3) concerning the connection of said computer (process, section 2,
paragraph 1 line 3) is specified in relation to each logical volume (file system,
section 2, paragraph 1 line 3), said connected state value ranging between a
minimum value and a maximum value (section 2, paragraph 2 line 1), said
maximum value (symbol "yes", section 2, paragraph 2 line 2) signifying that said
computer is fully connected, said minimum value (symbol "no", section 2,
paragraph 2 lines 3-4) signifying that said computer is fully disconnected, an
intermediate value (element of a mathematical lattice, section 2, paragraph 2 line
1) between said maximum value and said minimum value signifying a
conditionally connected state (when a process label has a higher privilege than a
storage label the communication may proceed, otherwise it will not, section 1,
paragraph 2 lines 2-3) for said computer. 

Hubis and McIlroy are analogous art in that they both deal with the Unix
operating system (see Hubis, column 1 lines 41-43, and McIlroy, section 1,
paragraph 1 line 1) and validating authorization to access files (see Hubis,
column 3 lines 52-59, and McIlroy, section 1, paragraph 2 lines 1-2). At the time
of the invention it would have been obvious to one having ordinary skill in the art
to implement McIlroy's secure system by adding labels to Hubis' port mapping
table.

The motivation for doing so would have been that McIlroy's system
provides sound, practical security (abstract, lines 3-5) and uses security labels to
classify information for purposes of privacy and integrity (abstract, lines 5-7).

Therefore, it would have been obvious at the time of the invention to
implement McIlroy's security labels on Hubis' volume management system for
the benefit of practical security and for purposes of privacy and integrity, to obtain
the invention of Claim 2.

12. As per Claim 3, Hubis and McIlroy disclose an input/output management
system according to Claim 1, wherein said connection information definition block 
comprises: 

a computer identification information definition division (host 
computer ID map data structure, column 4 lines 10-11) in which physical 
identification information (host computer ID, column 4 line 10) that 
uniquely indicates said computer connected to said disk device is defined.

13. As per Claim 4, Hubis and McIlroy disclose an input/output management
system for managing input or output from or to a disk device connected to a
computer according to Claim 1, wherein said connection information definition
block comprises: 

a computer identification information definition division (port 
mapping table 190, Figure 2B-3) in which the relationship of logical 
connection (port mapping table entry 191, Figure 2B-3) between said 
computer and a logical area in a logical volume included in said disk 
device is defined using computer identification information (host index 
151, Figure 2B-3). 

14. As per Claim 6, Hubis and McIlroy disclose an input/output management
system according to Claim 1, wherein said connection information definition block 
comprises: 

a computer identification information definition division (port 
mapping table 190, Figure 2B-3) in which the relationship of logical 
connection (port mapping table entry 191, Figure 2B-3) between said 
computer and a logical volume included in said disk device is defined 
using port numbers (i/o processor number column in port mapping table,
Figure 2B-3) assigned to the ports of said disk device connected to said 
computer (port 114-1 through port 114-M in Figure 2A). 

15. As per Claim 9, Hubis discloses an input/output management method for
managing input or output from or to a disk device (disk drive storage array,
column 3 lines 62-65) connected to a computer (host 1, Figure 2A), comprising
the steps of: 

defining the relationship of logical connection (NURAM data 
structures 182, Figure 2A) between said computer and a logical volume 
(logical volume, column 10 line 33) included in said disk device or a logical 
area (logical volume, column 10 line 33) in a logical volume (physical disc 
drive, column 10 line 32); and

controlling, based on the definition, whether said computer can 
access a logical volume included in said disk device or a logical area a 
logical volume (column 4 lines 6-8). 

Hubis does not disclose wherein said connection information definition 
block includes a logical volume connection information specification division in 
which a connected state value concerning the connection of said computer is 
specified in relation to each logical volume included in said disk device or each 
logical area in each logical volume included in said disk device, said connected 
state value ranging between a minimum value and a maximum value, said 
maximum value signifying that said computer is fully connected, said minimum 
value signifying that said computer is fully disconnected, an intermediate value 
between said maximum value and said minimum value signifying a conditionally 
connected state for said computer. 

McIlroy discloses a connected state value (ceiling, section 2, paragraph 1
line 3) concerning the connection of said computer (process, section 2,
paragraph 1 line 3) is specified in relation to each logical volume (file system,
section 2, paragraph 1 line 3), said connected state value ranging between a
minimum value and a maximum value (section 2, paragraph 2 line 1), said 
maximum value (symbol "yes", section 2, paragraph 2 line 2) signifying that said 
computer is fully connected, said minimum value (symbol "no", section 2, 
paragraph 2 lines 3-4) signifying that said computer is fully disconnected, an 
intermediate value (element of a mathematical lattice, section 2, paragraph 2 line 
1) between said maximum value and said minimum value signifying a 
conditionally connected state (when a process label has a higher privilege than a 
storage label the communication may proceed, otherwise it will not, section 1, 
paragraph 2 lines 2-3) for said computer. 

Hubis and McIlroy are analogous art in that they both deal with the Unix
operating system (see Hubis, column 1 lines 41-43, and McIlroy, section 1,
paragraph 1 line 1) and validating authorization to access files (see Hubis,
column 3 lines 52-59, and McIlroy, section 1, paragraph 2 lines 1-2). At the time
of the invention it would have been obvious to one having ordinary skill in the art
to implement McIlroy's secure system by adding labels to Hubis' port mapping
table.

The motivation for doing so would have been that McIlroy's system
provides sound, practical security (abstract, lines 3-5) and uses security labels to
classify information for purposes of privacy and integrity (abstract, lines 5-7).

Therefore, it would have been obvious at the time of the invention to
implement McIlroy's security labels on Hubis' volume management system for
the benefit of practical security and for purposes of privacy and integrity, to obtain
the invention of Claim 9.

16. As per Claim 10, Hubis and McIlroy disclose an input/output management
method according to Claim 9, wherein 

the definition of the relationship of connection contains physical 
identification information (host world wide name list 153, Figure 2B-1) that 
uniquely indicates said computer connected to said disk device. 

17. As per Claim 11, Hubis discloses an input/output management method for
managing input or output from or to a disk device (disk drive storage array, 
column 3 lines 62-65) connected to a computer (host 1, Figure 2A), comprising 
the steps of: 

defining, based on computer identification information (host world 
wide name list 153, Figure 2B-1) and logical volume connection 
information (volume permission table 194, Figure 2B-3), the relationship of 
logical connection (port mapping table 190, Figure 2B-3) between said 
computer and a logical volume (logical volume, column 10 line 33) 
included in said disk device or a logical area (logical volume, column 10 
line 33) in a logical volume (physical disc drive, column 10 line 32); and

controlling, based on the definition, whether said computer can 
access a logical area in a logical volume included in said disk device 
(column 4 lines 6-8). 

Hubis does not disclose wherein said connection information definition 
block includes a logical volume connection information specification division in
which a connected state value concerning the connection of said computer is
specified in relation to each logical volume included in said disk device or each 
logical area in each logical volume included in said disk device, said connected 
state value ranging between a minimum value and a maximum value, said 
maximum value signifying that said computer is fully connected, said minimum 
value signifying that said computer is fully disconnected, an intermediate value 
between said maximum value and said minimum value signifying a conditionally 
connected state for said computer. 

McIlroy discloses a connected state value (ceiling, section 2, paragraph 1
line 3) concerning the connection of said computer (process, section 2,
paragraph 1 line 3) is specified in relation to each logical volume (file system, 
section 2, paragraph 1 line 3), said connected state value ranging between a 
minimum value and a maximum value (section 2, paragraph 2 line 1), said 
maximum value (symbol "yes", section 2, paragraph 2 line 2) signifying that said 
computer is fully connected, said minimum value (symbol "no", section 2, 
paragraph 2 lines 3-4) signifying that said computer is fully disconnected, an 
intermediate value (element of a mathematical lattice, section 2, paragraph 2 line 
1) between said maximum value and said minimum value signifying a 
conditionally connected state (when a process label has a higher privilege than a 
storage label the communication may proceed, otherwise it will not, section 1, 
paragraph 2 lines 2-3) for said computer. 

Hubis and McIlroy are analogous art in that they both deal with the Unix
operating system (see Hubis, column 1 lines 41-43, and McIlroy, section 1,
paragraph 1 line 1) and validating authorization to access files (see Hubis,
column 3 lines 52-59, and McIlroy, section 1, paragraph 2 lines 1-2). At the time
of the invention it would have been obvious to one having ordinary skill in the art
to implement McIlroy's secure system by adding labels to Hubis' port mapping
table.

The motivation for doing so would have been that McIlroy's system
provides sound, practical security (abstract, lines 3-5) and uses security labels to
classify information for purposes of privacy and integrity (abstract, lines 5-7).

Therefore, it would have been obvious at the time of the invention to
implement McIlroy's security labels on Hubis' volume management system for
the benefit of practical security and for purposes of privacy and integrity, to obtain
the invention of Claim 11.

18. As per Claim 15, Hubis discloses a computer-readable storage medium
including a disk control program for executing a method of processing 
information based on which input or output from or to a disk device (disk drive 
storage array, column 3 lines 62-65) connected to a computer (host 1, Figure 2A) 
is managed, wherein said disk control program comprises: 

code for defining the relationship of logical connection (NURAM 
data structures 182, Figure 2A) between said computer and a logical 
volume (logical volume, column 10 line 33) included in said disk device or 
a logical area (logical volume, column 10 line 33) in a logical volume 
(physical disc drive, column 10 line 32) on the basis of both physical 
identification information (host world wide name list 153, Figure 2B-1) that
uniquely indicates said computer connected to said disk device, and
logical volume connection information (permission column 195, Figure 2B-3)
that contains a connected state value (permission value 195, Figure 2B-3)
concerning the connection of said computer to each logical volume
included in said disk device or each logical area in each logical volume; 
and 

code for controlling, based on the definition, whether said computer 
can access a logical volume included in said disk device or a logical area 
a logical volume (column 4 lines 6-8), 

Hubis does not disclose wherein said connected state value ranges 
between a minimum value and a maximum value, said maximum value signifying 
that said computer is fully connected, said minimum value signifying that said 
computer is fully disconnected, an intermediate value between said maximum 
value and said minimum value signifying a conditionally connected state for said 
computer. 

McIlroy discloses a connected state value (ceiling, section 2, paragraph 1
line 3) concerning the connection of said computer (process, section 2,
paragraph 1 line 3) is specified in relation to each logical volume (file system,
section 2, paragraph 1 line 3), said connected state value ranging between a
minimum value and a maximum value (section 2, paragraph 2 line 1), said
maximum value (symbol "yes", section 2, paragraph 2 line 2) signifying that said
computer is fully connected, said minimum value (symbol "no", section 2,
paragraph 2 lines 3-4) signifying that said computer is fully disconnected, an
intermediate value (element of a mathematical lattice, section 2, paragraph 2 line
1) between said maximum value and said minimum value signifying a 
conditionally connected state (when a process label has a higher privilege than a 
storage label the communication may proceed, otherwise it will not, section 1, 
paragraph 2 lines 2-3) for said computer. 

Hubis and McIlroy are analogous art in that they both deal with the Unix
operating system (see Hubis, column 1 lines 41-43, and McIlroy, section 1,
paragraph 1 line 1) and validating authorization to access files (see Hubis,
column 3 lines 52-59, and McIlroy, section 1, paragraph 2 lines 1-2). At the time
of the invention it would have been obvious to one having ordinary skill in the art
to implement McIlroy's secure system by adding labels to Hubis' port mapping
table.

The motivation for doing so would have been that McIlroy's system
provides sound, practical security (abstract, lines 3-5) and uses security labels to
classify information for purposes of privacy and integrity (abstract, lines 5-7).

Therefore, it would have been obvious at the time of the invention to
implement McIlroy's security labels on Hubis' volume management system for
the benefit of practical security and for purposes of privacy and integrity, to obtain
the invention of Claim 15.

Claim Rejections - 35 USC § 103 - Hubis, McIlroy and King

19. Claims 5, 7 and 12 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Hubis et al (US Patent Number 6,343,324) and McIlroy et al.
("Multilevel Security in the UNIX Tradition") as applied to Claims 4, 1 and 9
respectively above, in further view of King et al ("Operating System Support for
Virtual Machines").

20. As per Claim 5, Hubis and McIlroy disclose an input/output management
system according to Claim 4, wherein 

computer identification information (host index 151, Figure 2B-3) 
concerning said computer is specified in said computer identification 
information definition division (port mapping table 190, Figure 2B-3), and 

said input/output execution control block controls whether said 
computer can access a logical area in a logical volume included in said 
disk device (column 4 lines 6-8). 

Hubis and McIlroy do not disclose said computer including a plurality of
logical computers, wherein computer identification information concerning each 
of said logical computers is specified in said computer identification information 
definition division, and said input/output execution control block controls whether 
each of said logical computers that share the same physical input/output path 
can access a logical area in a logical volume included in said disk device. 

King discloses a computer (computer system, section 1 paragraph 1 lines 
2-3) including a plurality of logical computers (virtual machines, section 1 
paragraph 2 lines 5-6), 

wherein computer identification information concerning each of said
logical computers (host index 151, Figure 2B-3, see interpretation below)
is specified in said computer identification information definition division,
and

said input/output execution control block controls whether each of
said logical computers that share the same physical input/output path can
access a logical area in a logical volume included in said disk device
(King, figure "Type I VMM", see interpretation below).

The virtual machines run inside the client computer (King, figure "Type I 
VMM") and as said client computer's access over its physical input/output path is 
controlled by the input/output execution control block, inherently so would the 
virtual machines. Additionally, the computer identification associated with each of 
said logical computers (host index 151, Figure 2B-3) is identical and is specified 
in said computer identification information definition division. 

King and Hubis are analogous art in that they both deal with systems of 
multiple and heterogeneous host computers. It would have been obvious to 
someone with ordinary skill in the art to run the plurality of virtual machines 
taught by King on the client computer in Hubis and McIlroy's input/output
management system. 

King states that virtual machines can be used to provide a software 
environment for debugging operating systems that is more convenient than using 
a physical machine (section 1 paragraph 2 line 13-15) and provide a convenient 
interface for adding functionality (section 1 paragraph 2 line 15-19). 

Therefore, it would have been obvious to combine the host taught by 
Hubis and McIlroy with the virtual machines taught by King for the benefit of
debugging and conveniently adding functionality, to obtain the invention as
specified in claim 5.

21. As per Claim 7, Hubis, McIlroy and King disclose an input/output
management system for managing input or output from or to a disk device
connected to a computer according to Claim 1,

wherein the definition (Hubis, port mapping table 190, Figure 2B-3) 
is used to control whether each of a plurality application programs running 
in said computer (King, guest applications, figure "Type I VMM") can 
access a logical volume included in said disk device or a logical area in a 
logical volume (Hubis, column 4 lines 6-8). 

King discloses multiple applications running in a virtual machine (guest 
applications, figure "Type I VMM"). The virtual machines run inside the client 
computer (King, figure "Type I VMM") and as said client computer's access over 
its physical input/output path is controlled by the input/output execution control 
block, inherently so would the virtual machines. 

22. As per Claim 12, Hubis, McIlroy and King disclose an input/output
management method according to Claim 9, 

wherein whether each of a plurality of application programs running 
in said computer (King, guest applications, figure "Type I VMM") can 
access a logical volume included in said disk device or a logical area in a 
logical volume is controlled (Hubis, column 4 lines 6-8). 



Claim Rejections - 35 USC § 103 - Hubis, McIlroy and Tang

23. Claim 13 is rejected under 35 U.S.C. 103(a) as being unpatentable over
Hubis et al (US Patent Number 6,343,324) and McIlroy et al. ("Multilevel Security
in the UNIX Tradition") as applied to Claim 11 above, in further view of Tang et al
("Load Distribution via Static Scheduling and Client Redirection for Replicated 
Web Servers"). 

24. As per Claim 13, Hubis and McIlroy disclose an input/output management
method according to Claim 11, wherein a plurality of pieces of definition
information (port mapping table entry 191, Figure 2B-3) define whether said
computer or each of a plurality of application programs running in said computer
can access a logical volume included in said disk device or a logical area in a
logical volume (column 4 lines 6-8). Hubis and McIlroy do not disclose the
plurality as being automatically switched with the start of each of time zones 
according to a predefined schedule. 

The limitation "said computer or each of a plurality of application programs 
running in said computer" can be fulfilled by one or more of the limitations "said 
computer" or "each of a plurality of application programs running in said
computer". 

Tang discloses a plurality of pieces of definition information as being 
automatically switched (section 2 item 2 lines 3-5) with the start of each of time 
zones (period of T_s, section 2 item 2 line 3) according to a predefined schedule
(section 2 item 2). 

Hubis and Tang are analogous art in that they deal with managing the 
connection relationship between clients accessing data from one of a plurality of
storage locations. It would have been obvious to someone with ordinary skill in
the art to schedule connections in Hubis and McIlroy's storage system with
Tang's scheduler. 

Tang discloses that using a scheduler allows user-specific data to be 
migrated or located at a specific storage location (section 1 paragraph 3 lines 11- 
13) while still keeping the load on each storage location balanced (section 1 
paragraph 3 lines 13-14). 

Therefore, it would have been obvious to combine the storage system 
taught by Hubis and McIlroy with the scheduler taught by Tang for the benefit of
minimizing data replication and balancing the load on each storage location, to 
obtain the invention as specified in Claim 13. 

Though not required for the current rejection, the Examiner notes that as 
per the rejection of Claim 7, King ("Operating System Support for Virtual 
Machines") discloses a computer (computer system, section 1 paragraph 1 lines 
2-3) including a plurality of applications (guest applications, figure "Type I VMM"). 

Claim Rejections - 35 USC § 103 - Hubis, Mcllroy, King and Tang
25. Claim 8 is rejected under 35 U.S.C. 103(a) as being unpatentable over
Hubis et al (US Patent Number 6,343,324), Mcllroy et al. ("Multilevel Security in 
the UNIX Tradition") and King et al ("Operating System Support for Virtual 
Machines") as applied to Claim 7 above, and in further view of Tang et al ("Load 
Distribution via Static Scheduling and Client Redirection for Replicated Web 
Servers"). 

26. As per Claim 8, Hubis, Mcllroy and King disclose an input/output
management system according to Claim 7, wherein 

a plurality of pieces of computer identification information (Hubis, 
port mapping table entry 191, Figure 2B-3) defining whether said 
computer or each of said application programs (King, guest applications, 
figure "Type I VMM") can access a logical volume included in said disk 
device or a logical area in a logical volume (column 4 lines 6-8). 
Hubis, Mcllroy and King do not expressly disclose the system further 
comprising a schedule definition division containing said plurality of pieces of 
computer identification information being specified in relation to respective time 
zones, and in which a schedule for automatically changing the plurality of pieces 
of computer identification information is predefined. 

Tang discloses a system comprising a schedule definition division 
containing a plurality of pieces of computer identification information 
(hostname/IP address, section 2.1 line 3) being specified in relation to respective 
time zones (period of T_s, section 2 item 2 line 3), and in which a schedule for
automatically changing the plurality of pieces of computer identification 
information is predefined (section 2 item 2). 

Regarding the limitation "a schedule definition division", Tang discloses a 
scheduler generating and storing assignments between client networks and 
assigned servers (section 2.2 lines 1-2). Although not expressly mentioned, it is 
inherent in the storing operation for the scheduler to store the assignments in an 
accessible way in memory. Assignments stored in an accessible way in memory 
can be considered a data structure, and this data structure subsequently fulfils
the limitation of a schedule definition division. 

Hubis, Mcllroy, King and Tang are analogous art in that they deal with 
managing the connection relationship between clients accessing data from one 
of a plurality of storage locations. It would have been obvious to someone with 
ordinary skill in the art to schedule connections in Hubis and King's storage 
system with Tang's scheduler. 

Tang discloses that using a scheduler allows user-specific data to be 
migrated or located at a specific storage location (section 1 paragraph 3 lines 11-13)
while still keeping the load on each storage location balanced (section 1
paragraph 3 lines 13-14). 

Therefore, it would have been obvious to combine the storage system 
taught by Hubis, Mcllroy and King with the scheduler taught by Tang for the 
benefit of minimizing data replication and balancing the load on each storage 
location, to obtain the invention as specified in Claim 8. 

Claim Rejections - 35 USC § 103 - Hubis, Mcllroy and Reynolds
27. Claim 14 is rejected under 35 U.S.C. 103(a) as being unpatentable over 
Hubis et al (US Patent Number 6,343,324) and Mcllroy et al. ("Multilevel Security 
in the UNIX Tradition") as applied to Claim 10 above, and in further view of 
Reynolds et al ("The Design and Implementation of an Intrusion Tolerant 
System"). 



Application/Control Number: 10/814,475 Page 
Art Unit: 2185 

28. As per Claim 14, Hubis and Mcllroy disclose the input/output
management method according to Claim 10, including definition information 
(NURAM data structures 182, Figure 2A) that defines whether said computer or 
each of a plurality of application programs running in said computer can access a 
logical volume included in said disk device or a logical area in a logical volume 
(column 4 lines 6-8). Hubis and Mcllroy do not expressly disclose the definition 
information being automatically modified with a system failure occurring in said 
connected computer as a trigger. 

The limitation "said computer or each of a plurality of application programs 
running in said computer" can be fulfilled by one or more of the limitations "said 
computer" or "each of a plurality of application programs running in said 
computer". 

Reynolds discloses a system wherein a computer's access is 
automatically modified with a system failure (page 4 column 1 lines 7-11) 
occurring in said connected computer as a trigger (page 4 column 1 lines 33-35). 

Hubis and Reynolds are analogous art in that they both deal with the way 
clients access servers. It would have been obvious to one with ordinary skill in 
the art to combine Hubis' storage system with Reynolds' failure detection system.
Reynolds discloses that fault tolerant techniques usually are designed to work 
against faults (page 1 column 2 lines 4-5). Reynolds also states that faults 
produce vulnerabilities that can be exploited by an attacker (page 1 column 2 
lines 8-10). 

Therefore, it would have been obvious to combine the storage system
taught by Hubis and Mcllroy with the fault detection taught by Reynolds for the 
benefit of protection against vulnerabilities, to obtain the invention as specified in 
claim 14. 

Though not required for the current rejection, the Examiner notes that as 
per the rejection of Claim 7, King ("Operating System Support for Virtual 
Machines") discloses a computer (computer system, section 1 paragraph 1 lines 
2-3) including a plurality of applications (King, guest applications, figure "Type I 
VMM"). 

Claim Rejections - 35 USC § 103 - Hubis, Mcllroy and Mullen

29. Claims 16-20 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Hubis et al (US Patent Number 6,343,324) and Mcllroy et al. ("Multilevel 
Security in the UNIX Tradition") as applied to Claim 10 above, and in further view 
of Mullen ("Restrict Anonymous: Enumeration and the Null User"). 

30. As per Claims 16 and 17, Hubis and Mcllroy disclose an input/output
management system according to Claims 1 and 2 respectively above, wherein if 
said connected state value is an intermediate value, then: 

an access key (label, section 1, paragraph 2 line 1) is appended 
(the label is inherently appended to a process in that the IX system is a 
modification of a UNIX system where one of the modifications was to add 
the element "label" to the filesystem, section 7.3) to an input/output 
request (process, section 1, paragraph 2 line 1) issued by said computer; 

if said access key is larger than said connected state value (section
2.1, paragraph 1 lines 2-3), input/output for said input/output request is
disabled (requirement not held -> data may not flow, section 2.1, 
paragraph 1 lines 2-3); and 

if said access key is equal to or smaller than said connected state 
value (section 2.1, paragraph 1 lines 2-3), input/output for said 
input/output request is enabled (requirement held -> data may flow, 
section 2.1, paragraph 1 lines 2-3).

Hubis and Mcllroy do not disclose that if an access key is not appended to 
an input/output request issued by said computer, said computer is treated as fully 
disconnected. 

Mullen discloses that if an access key is not appended to an input/output 
request issued by said computer (a user account exists that does not have 
credentials, paragraph 2 ("Before we...") lines 9-11), said computer is treated as 
fully disconnected (paragraph 5 ("This obviously...") lines 1-7). 

Hubis, Mcllroy and Mullen are analogous art in that they deal with 
checking credentials on a networked system. At the time of the invention it would 
have been obvious to one with ordinary skill in the art to block the connection of 
one of Hubis and Mcllroy's hosts if it does not have a label, as taught by Mullen. 

Mullen teaches that by not having credentials, a user account can do 
things that would not be allowed if it had proper credentials and can be used to 
glean a tremendous amount of information from a network without raising any 
eyebrows (paragraph 2, lines 9-11). 

Therefore, it would have been obvious to combine Hubis and Mcllroy's
secure connection system with Mullen's insight about not having credentials for 
the benefit of securing the system to obtain the invention as specified in Claims 
16 and 17. 

31. As per Claims 18 and 19, Hubis and Mcllroy disclose an input/output
management method according to Claims 9 and 11 respectively above, wherein 
if said connected state value is an intermediate value, then: 

an access key (label, section 1, paragraph 2 line 1) is appended 
(the label is inherently appended to a process in that the IX system is a 
modification of a UNIX system where one of the modifications was to add 
the element "label" to the filesystem, section 7.3) to an input/output 
request (process, section 1, paragraph 2 line 1) issued by said computer; 

if said access key is larger than said connected state value (section 
2.1, paragraph 1 lines 2-3), input/output for said input/output request is 
disabled (requirement not held -> data may not flow, section 2.1,
paragraph 1 lines 2-3); and

if said access key is equal to or smaller than said connected state
value (section 2.1, paragraph 1 lines 2-3), input/output for said
input/output request is enabled (requirement held -> data may flow,
section 2.1, paragraph 1 lines 2-3).

Hubis and Mcllroy do not disclose that if an access key is not appended to 
an input/output request issued by said computer, said computer is treated as fully 
disconnected. 

Mullen discloses that if an access key is not appended to an input/output
request issued by said computer (a user account exists that does not have
credentials, paragraph 2 ("Before we...") lines 9-11), said computer is treated as
fully disconnected (paragraph 5 ("This obviously...") lines 1-7). 

Hubis, Mcllroy and Mullen are analogous art in that they deal with 
checking credentials on a networked system. At the time of the invention it would 
have been obvious to one with ordinary skill in the art to block the connection of 
one of Hubis and Mcllroy's hosts if it does not have a label, as taught by Mullen. 

Mullen teaches that by not having credentials, a user account can do 
things that would not be allowed if it had proper credentials and can be used to 
glean a tremendous amount of information from a network without raising any 
eyebrows (paragraph 2, lines 9-11). 

Therefore, it would have been obvious to combine Hubis and Mcllroy's 
secure connection system with Mullen's insight about not having credentials for 
the benefit of securing the system to obtain the invention as specified in Claims 
18 and 19. 

32. As per Claim 20, Hubis and Mcllroy disclose a computer-readable storage
medium according to Claim 15, wherein if said connected state value is an 
intermediate value, then: 

an access key (label, section 1, paragraph 2 line 1) is appended
(the label is inherently appended to a process in that the IX system is a 
modification of a UNIX system where one of the modifications was to add 
the element "label" to the filesystem, section 7.3) to an input/output
request (process, section 1, paragraph 2 line 1) issued by said computer; 

if said access key is larger than said connected state value (section 
2.1, paragraph 1 lines 2-3), input/output for said input/output request is 
disabled (requirement not held -> data may not flow, section 2.1,
paragraph 1 lines 2-3); and

if said access key is equal to or smaller than said connected state
value (section 2.1, paragraph 1 lines 2-3), input/output for said
input/output request is enabled (requirement held -> data may flow,
section 2.1, paragraph 1 lines 2-3).

Hubis and Mcllroy do not disclose that if an access key is not appended to 
an input/output request issued by said computer, said computer is treated as fully 
disconnected. 

Mullen discloses that if an access key is not appended to an input/output 
request issued by said computer (a user account exists that does not have 
credentials, paragraph 2 ("Before we...") lines 9-11), said computer is treated as 
fully disconnected (paragraph 5 ("This obviously...") lines 1-7). 

Hubis, Mcllroy and Mullen are analogous art in that they deal with 
checking credentials on a networked system. At the time of the invention it would 
have been obvious to one with ordinary skill in the art to block the connection of 
one of Hubis and Mcllroy's hosts if it does not have a label, as taught by Mullen. 

Mullen teaches that by not having credentials, a user account can do 
things that would not be allowed if it had proper credentials and can be used to 
glean a tremendous amount of information from a network without raising any
eyebrows (paragraph 2, lines 9-11). 

Therefore, it would have been obvious to combine Hubis and Mcllroy's 
secure connection system with Mullen's insight about not having credentials for 
the benefit of securing the system to obtain the invention as specified in Claim 
20. 

III. RELEVANT ART CITED BY THE EXAMINER 

33. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

Draves (US Patent Number 5,802,590) discloses a method and system for 
allowing process to access resources. 

Clifton (US Patent Number 5,469,556) discloses a resource access 
security system for use in a data processing system. 

Sena et al. ("A Protection Model for Network Communications Based on 
Security Levels") discloses a security level model for packet communications. 

IV. CLOSING COMMENTS 

34. Applicant's amendment necessitated the new ground(s) of rejection 
presented in this Office action. Accordingly, THIS ACTION IS MADE FINAL. 
See MPEP § 706.07(a). Applicant is reminded of the extension of time policy as 
set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire
THREE MONTHS from the mailing date of this action. In the event a first reply is 
filed within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the date the advisory 
action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will 
the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

a. CLAIMS REJECTED IN THE APPLICATION 

35. Per the instant office action, claims 1-20 have received a first action on the 
merits and are subject of a first action non-final. 

b. DIRECTION OF FUTURE CORRESPONDENCES 

36. Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Sam Dillon whose telephone number is
571-272-8010. The examiner can normally be reached on 8:30-5:00.

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Don Sparks can be reached on 571-272-4201. The fax 
phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 

IMPORTANT NOTE



37. Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see
http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR
system, contact the Electronic Business Center (EBC) at 866-217-9197
(toll-free).